37cb0b12c7f863a4647184792bd66d1f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37cb0b12c7f863a4647184792bd66d1f_JaffaCakes118
Size

749KB
MD5

37cb0b12c7f863a4647184792bd66d1f
SHA1

7942f551a53075cd0eb97f6910d19ed6b7ff8069
SHA256

5505903eba600fc97481b28466a97b1a5602c5bf6a696187ceeb8d612ec35cbd
SHA512

5dffdf73301fa6aa1575cec94da205128dcf7e207ddc2bbe54e4a69536904c3f7ba55d9f7fbbe53362615ef3164414314f91898214864f128624a55efb1ed64b
SSDEEP

12288:ZP+UizoNPZPT64QyD/hThD29E227wnil3Cus3L+/k/QJGonIQR7:ZN9Zr64QyDJdDB2cC13LDVodF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37cb0b12c7f863a4647184792bd66d1f_JaffaCakes118

Files

37cb0b12c7f863a4647184792bd66d1f_JaffaCakes118
.sys windows:4 windows x86 arch:x86

f3d1cebc8eb5a4fc77353b3333cc750c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
IoInvalidateDeviceRelations
ExUuidCreate
NtQueryQuotaInformationFile
FsRtlResetLargeMcb
IoRegisterDriverReinitialization
CcCopyWrite
qsort
RtlCompressBuffer
ZwLoadDriver
CcUnpinDataForThread
IoRegisterFsRegistrationChange
ZwQueryInformationToken
RtlDestroyAtomTable
ZwQueryKey
MmMapVideoDisplay
FsRtlLegalAnsiCharacterArray
RtlFindRange
RtlInitString
ZwUnmapViewOfSection
ZwEnumerateValueKey
wcscat
FsRtlIsNtstatusExpected
IoFileObjectType
RtlSubAuthoritySid
RtlGetGroupSecurityDescriptor
ZwRequestWaitReplyPort
RtlEnumerateGenericTableWithoutSplaying
IoGetDeviceToVerify
CcScheduleReadAhead
_except_handler3
PsSetCreateThreadNotifyRoutine
NtWriteFile
CcPreparePinWrite
RtlQueryAtomInAtomTable
NtQueryInformationToken
RtlZeroHeap
PoRegisterSystemState
RtlLargeIntegerShiftLeft
ZwUnloadDriver
_local_unwind2
_itow
ExRaiseAccessViolation
CcSetBcbOwnerPointer
isupper
RtlInsertElementGenericTable
RtlFindMostSignificantBit
ZwOpenSection
IoCheckQuerySetFileInformation
IoCreateDevice
ExLocalTimeToSystemTime
RtlDecompressFragment
RtlGetDefaultCodePage
MmSetAddressRangeModified
PfxInitialize
RtlInsertUnicodePrefix
FsRtlCheckOplock
SeExports
SeQueryAuthenticationIdToken
RtlDestroyHeap
IoGetBaseFileSystemDeviceObject
FsRtlCopyRead
ExExtendZone
IoReportHalResourceUsage
RtlxAnsiStringToUnicodeSize
Exi386InterlockedDecrementLong
vsprintf
ExInterlockedRemoveHeadList
RtlFindMessage
IoIsFileOriginRemote
IoAdapterObjectType
IoGetRequestorProcess
ZwFlushKey
MmForceSectionClosed
ExInitializeZone
KeSetSystemAffinityThread
ExQueueWorkItem
MmUnmapViewInSessionSpace
WRITE_REGISTER_UCHAR
MmGetPhysicalMemoryRanges
CcPurgeCacheSection
KeBugCheck

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3d1cebc8eb5a4fc77353b3333cc750c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 512B - Virtual size: 432B

.data Size: 9KB - Virtual size: 22KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 393KB - Virtual size: 393KB

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 512B - Virtual size: 432B

.data
Size: 9KB - Virtual size: 22KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 393KB - Virtual size: 393KB